Category:

Posted in:

Share

Security concerns on the rise – OCG’s Industry Forecast 2016 survey

In a recent survey carried out by Oxford Computer Group, security was cited as the biggest concern for businesses in 2016. The Industry Forecast 2016 survey saw 20% of respondents highlight security as the most prominent challenge they are expecting to face in the coming months. This result was up 18% when compared to 2015’s challenges.

The announcement that the GDPR will soon be coming into force has once again highlighted the severity of this issue for all organisations. Coupled with some recent high profile data breach cases at TalkTalk and VTech, businesses are being prompted to take an even closer look at their security measures.

General Data Protection Regulation

The GDPR, part of the EU’s cyber security strategy, promises stricter rules to protect personal data. This is great news for consumers, but creates a real headache for any business that handles personal data – effectively, every business. It is designed to act as a ‘stick’ to force businesses to address data security procedures, or face fines of up to 2% of worldwide turnover.

Previously the fine for a data breach has stood at a maximum of £500,000 in the UK – a drop in the ocean for many businesses. But to suffer a fine amounting to 2% of turnover could seriously dent tight profit margins, and shatter share prices. Not to mention the damage to the business’ reputation which will undoubtedly result – TalkTalk has lost over 100,000 customers following its 2015 data breach.

Network and Information Security Directive

The NIS Directive, also part of the EU’s cyber security strategy, is due to come into play in 2018. The aim is to facilitate cooperation between member states when it comes to infrastructure (including digital networks), and also to protect essential services including:

Energy (oil, gas and electricity)

Transport (air, rail, road and water)

Banking

Financial markets

Public and private healthcare

Drinking water supplies

Digital networks

Businesses and organisations in these fields will be required to manage risks to their security, take appropriate measures to prevent attacks, and minimise the potential success of such attacks.

The NIS Directive doesn’t specify actions that should be taken by these organisations, stating that measures should be ‘state of the art’ and therefore developing over time to keep up-to-date with the threats posed.

While data security certainly isn’t a new issue, as hackers and thieves adapt their attacks to work around security measures, businesses must continue to learn and develop even more sophisticated defences, or run the risk of severe damage to their bottom line.